<?php
//session_start();
//include_once $_SERVER['DOCUMENT_ROOT']."/math-videos/configure.inc.php";
//check if you have curl loaded
if(!isset($valid_controller)||$valid_controller===false)
{
  return;
}
//$thumbnail ='';
//$data_string = json_decode($_REQUEST['json'],true);
//$data_string = urldecode($_REQUEST['json']);
//$data_string = json_decode($data_string,true);

//echo "!!!!!!!!!!!!!!username = $username<br>";
//authertication user
$sqltext="select id as user_id , institute_id from users  WHERE username=? and password=?";
$params = array();

array_push($params,sql_escape($username));
array_push($params,sql_escape($password));
$result = db_select_query($conn2,$sqltext,$params);
$user_id='';
$institute_id='';
while($row = db_fetch_array($result))
{
	$user_id = $row['user_id'];
	$institute_id = $row['institute_id'];
}

if($user_id =='')
{
	header('HTTP/1.1 401 Authorization Required');
	//echo "HTTP/1.1 401 <br />";
//	echo "Date: ".gmdate('F j, Y, g:i:s')." GMT<br />";
//	echo "Location: https://api.mathinstitutes.org/metadata/v1/asset/2341<br />";
	echo "{\"error\": \"Authorization Required.\"}";
}
else
{
    //update asset table 
	$id= $assetID;
	$update_flag= false;			
	//check if user has right to upf=date this asset
	$sqltext="select title , thumbnail_type from asset WHERE id=? and institute_id = ?";
	$params = array();

	array_push($params,sql_escape($id));
	array_push($params,sql_escape($institute_id));
	$result = db_select_query($conn,$sqltext,$params);
	while($row = db_fetch_object($result))
	{
		foreach ($row as $key => $value) 
		{
			$update_flag= true;	
			$$key=$value;		
		}
	}
	if($update_flag)
 {			
		if($thumbnail_type !='' )//has thumbail
		{			
			$image_name =$id."_thumb.".$thumbnail_type;
			$thumbnail_image_file = $institute_id."/".$id."/".$image_name;	
		//	echo $_SERVER['DOCUMENT_ROOT']."/math-videos/images/$thumbnail_image_file"; 
			if(file_exists($_SERVER['DOCUMENT_ROOT']."/math-videos/images/$thumbnail_image_file"))
			{
				unlink($_SERVER['DOCUMENT_ROOT']."/math-videos/images/$thumbnail_image_file");
			}
		}
		$params = array();
		$thumbnail_type='';
		$sqltext="UPDATE asset SET ";
		$thumbnail_sha1 ='';
		$sqltext .="thumbnailSHA1 =?";
		array_push($params,sql_escape($thumbnail_sha1));
		$sqltext .=",thumbnail_type =?";
		array_push($params,sql_escape($thumbnail_type));
		$sqltext .=" WHERE id=?";
		array_push($params,sql_escape($id));
		db_change_query($conn,$sqltext,$params);
	 // echo $id;
	 //add to api log
			$sqltext="INSERT INTO api_logs(query,added_date,user_id, institute_id,asset_id) values( ?, ?, ?,?,?)";
			$params = array();
			array_push($params,'Delete Thumbnail');
			array_push($params,date("Y-m-d H:i:s"));
			array_push($params,sql_escape($user_id));
			array_push($params,sql_escape($institute_id));
			array_push($params,sql_escape($id));
			db_change_query($conn,$sqltext,$params);

	//	unset($result_array);
	//	$result_array['assetID']="Thumbnail Deleted dor asset: $id";		
	//	$result_array['assetURL']=$site_http."metadata/v1/asset/".$id;		
		header('HTTP/1.1 200 OK. Successful deletion of thumbnail from asset');
	//	echo json_encode($result_array);	
	}
	else
	{
		header('HTTP/1.1 403, 404. Specified Asset is not owned by authenticated user and cannot be deleted, or Asset Not Found Specified Asset was not found in the catalog.');
		//echo "Date: ".gmdate('F j, Y, g:i:s')." GMT<br />";
		//	echo "Location: https://api.mathinstitutes.org/metadata/v1/asset/2341<br />";
		echo "{\"error\": \"Specified Asset is not owned by authenticated user and cannot be deleted, or Asset Not Found Specified Asset was not found in the catalog.\"}";
	}
	
}
?>